From c0afdc3a97b38073ed319119e98f93fe21ee7f90 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 17 Dec 2021 09:20:58 +0100 Subject: [PATCH] perlmod: deny unsafe_op_in_unsafe_fn Signed-off-by: Wolfgang Bumiller --- perlmod/src/array.rs | 4 ++-- perlmod/src/de.rs | 2 +- perlmod/src/ffi.rs | 16 +++++++++++----- perlmod/src/hash.rs | 4 ++-- perlmod/src/lib.rs | 2 ++ perlmod/src/magic.rs | 6 +++--- perlmod/src/scalar.rs | 36 ++++++++++++++++++++---------------- perlmod/src/value.rs | 24 +++++++++++++----------- 8 files changed, 54 insertions(+), 40 deletions(-) diff --git a/perlmod/src/array.rs b/perlmod/src/array.rs index e228cbd..9444d64 100644 --- a/perlmod/src/array.rs +++ b/perlmod/src/array.rs @@ -52,7 +52,7 @@ impl Array { /// The caller must ensure that it is safe to decrease the reference count later on, or use /// [`into_raw()`](Value::into_raw()) instead of letting the [`Array`] get dropped. pub unsafe fn from_raw_move(ptr: *mut AV) -> Self { - Self(Scalar::from_raw_move(ptr as *mut SV)) + Self(unsafe { Scalar::from_raw_move(ptr as *mut SV) }) } /// Create a new reference to an existing [`AV`] value. This will increase the value's @@ -62,7 +62,7 @@ impl Array { /// /// The caller may still need to decrease the reference count for the `ptr` source value. pub unsafe fn from_raw_ref(ptr: *mut AV) -> Self { - Self(Scalar::from_raw_ref(ptr as *mut SV)) + Self(unsafe { Scalar::from_raw_ref(ptr as *mut SV) }) } /// Create a new reference to this value. diff --git a/perlmod/src/de.rs b/perlmod/src/de.rs index e75ae0f..07581d8 100644 --- a/perlmod/src/de.rs +++ b/perlmod/src/de.rs @@ -186,7 +186,7 @@ impl<'deserializer> Deserializer<'deserializer> { /// from a borrowed Value (keeping references to all the contained data within perl), which lives /// longer than the deserializer. unsafe fn str_set_wrong_lifetime<'a, 'b>(s: &'a str) -> &'b str { - std::str::from_utf8_unchecked(std::slice::from_raw_parts(s.as_ptr(), s.len())) + unsafe { std::str::from_utf8_unchecked(std::slice::from_raw_parts(s.as_ptr(), s.len())) } } impl<'de, 'a> de::Deserializer<'de> for &'a mut Deserializer<'de> { diff --git a/perlmod/src/ffi.rs b/perlmod/src/ffi.rs index c6fc38e..193e409 100644 --- a/perlmod/src/ffi.rs +++ b/perlmod/src/ffi.rs @@ -341,7 +341,9 @@ impl StackMark { /// This is only valid if the mark is still valid (smaller than `PL_stack_sp`) and all values /// still remaining on the stack are mortal (which should normally be the case anyway). pub unsafe fn set_stack(self) { - RSPL_stack_shrink_to(self.0); + unsafe { + RSPL_stack_shrink_to(self.0); + } } } @@ -377,7 +379,7 @@ impl Iterator for StackIter { /// /// Read up on `PL_markstack_ptr` in perlguts. This is equivalent to `*PL_markstack_ptr--` in C. pub unsafe fn pop_arg_mark() -> StackMark { - StackMark(RSPL_pop_markstack_ptr()) + StackMark(unsafe { RSPL_pop_markstack_ptr() }) } /// Push a value to the stack. @@ -387,8 +389,10 @@ pub unsafe fn pop_arg_mark() -> StackMark { /// Read up on mortals and the stack and when it is legal to put a value onto it. Typically a /// mortal value with no more references to it to avoid leaking if they aren't used later on. pub unsafe fn stack_push_raw(value: *mut SV) { - RSPL_stack_resize_by(1); - *RSPL_stack_sp() = value; + unsafe { + RSPL_stack_resize_by(1); + *RSPL_stack_sp() = value; + } } pub fn stack_push(value: crate::Mortal) { @@ -453,7 +457,9 @@ pub fn stack_push(value: crate::Mortal) { /// } /// ``` pub unsafe fn croak(sv: *mut SV) -> ! { - RSPL_croak_sv(sv); + unsafe { + RSPL_croak_sv(sv); + } } /// Create a pseudo-block for mortals & temps to be freed after it. diff --git a/perlmod/src/hash.rs b/perlmod/src/hash.rs index e7c65e9..71b09c6 100644 --- a/perlmod/src/hash.rs +++ b/perlmod/src/hash.rs @@ -50,7 +50,7 @@ impl Hash { /// The caller must ensure that it is safe to decrease the reference count later on, or use /// [`into_raw()`](Value::into_raw()) instead of letting the [`Hash`](struct@Hash) get dropped. pub unsafe fn from_raw_move(ptr: *mut HV) -> Self { - Self(Scalar::from_raw_move(ptr as *mut SV)) + Self(unsafe { Scalar::from_raw_move(ptr as *mut SV) }) } /// Create a new reference to an existing [`HV`] value. This will increase the value's @@ -60,7 +60,7 @@ impl Hash { /// /// The caller may still need to decrease the reference count for the `ptr` source value. pub unsafe fn from_raw_ref(ptr: *mut HV) -> Self { - Self(Scalar::from_raw_ref(ptr as *mut SV)) + Self(unsafe { Scalar::from_raw_ref(ptr as *mut SV) }) } /// Create a new reference to this value. diff --git a/perlmod/src/lib.rs b/perlmod/src/lib.rs index 6bdd1dc..79f8956 100644 --- a/perlmod/src/lib.rs +++ b/perlmod/src/lib.rs @@ -21,6 +21,8 @@ //! [`package`]: attr.package.html //! [`export`]: attr.export.html +#![deny(unsafe_op_in_unsafe_fn)] + pub mod error; pub use error::Error; diff --git a/perlmod/src/magic.rs b/perlmod/src/magic.rs index 80f6fc1..3461b21 100644 --- a/perlmod/src/magic.rs +++ b/perlmod/src/magic.rs @@ -105,7 +105,7 @@ unsafe impl Leakable for Box { } unsafe fn reclaim(ptr: &T) -> Self { - Box::from_raw(ptr as *const T as *mut T) + unsafe { Box::from_raw(ptr as *const T as *mut T) } } } @@ -117,7 +117,7 @@ unsafe impl Leakable for std::sync::Arc { } unsafe fn reclaim(ptr: &T) -> Self { - std::sync::Arc::from_raw(ptr as *const T) + unsafe { std::sync::Arc::from_raw(ptr as *const T) } } } @@ -129,7 +129,7 @@ unsafe impl Leakable for std::rc::Rc { } unsafe fn reclaim(ptr: &T) -> Self { - std::rc::Rc::from_raw(ptr as *const T) + unsafe { std::rc::Rc::from_raw(ptr as *const T) } } } diff --git a/perlmod/src/scalar.rs b/perlmod/src/scalar.rs index 2d20932..28c863e 100644 --- a/perlmod/src/scalar.rs +++ b/perlmod/src/scalar.rs @@ -55,7 +55,7 @@ impl Scalar { /// /// The caller may still need to decrease the reference count for the `ptr` source value. pub unsafe fn from_raw_ref(ptr: *mut SV) -> Self { - Self::from_raw_move(ffi::RSPL_SvREFCNT_inc(ptr)) + unsafe { Self::from_raw_move(ffi::RSPL_SvREFCNT_inc(ptr)) } } /// Create a reference to `PL_sv_undef`. @@ -332,7 +332,7 @@ impl ScalarRef { /// /// The user is responsible for making sure the underlying pointer is correct. pub unsafe fn pv_ref(&self) -> Result<&T, Error> { - self.pv_raw().map(|p| &*p) + self.pv_raw().map(|p| unsafe { &*p }) } /// Interpret the byte string as a pointer and return it as a mutable reference for @@ -342,7 +342,7 @@ impl ScalarRef { /// /// The user is responsible for making sure the underlying pointer is correct. pub unsafe fn pv_mut_ref(&self) -> Result<&mut T, Error> { - self.pv_raw().map(|p| &mut *p) + self.pv_raw().map(|p| unsafe { &mut *p }) } /// Create another owned reference to this value. @@ -394,14 +394,16 @@ impl ScalarRef { name: *const libc::c_char, namelen: i32, ) { - let _magic_ptr = ffi::RSPL_sv_magicext( - self.sv(), - obj.map(Self::sv).unwrap_or(std::ptr::null_mut()), - how.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()), - vtbl, - name, - namelen, - ); + let _magic_ptr = unsafe { + ffi::RSPL_sv_magicext( + self.sv(), + obj.map(Self::sv).unwrap_or(std::ptr::null_mut()), + how.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()), + vtbl, + name, + namelen, + ) + }; } /// Remove attached magic. @@ -412,11 +414,13 @@ impl ScalarRef { /// /// It is up to the user that doing this will not crash the perl interpreter. pub unsafe fn remove_raw_magic(&self, ty: Option, vtbl: Option<&ffi::MGVTBL>) { - ffi::RSPL_sv_unmagicext( - self.sv(), - ty.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()), - vtbl, - ) + unsafe { + ffi::RSPL_sv_unmagicext( + self.sv(), + ty.unwrap_or_else(|| ffi::RSPL_PERL_MAGIC_ext()), + vtbl, + ) + } } /// Find a magic value, if present. diff --git a/perlmod/src/value.rs b/perlmod/src/value.rs index a733530..c2275c8 100644 --- a/perlmod/src/value.rs +++ b/perlmod/src/value.rs @@ -60,13 +60,15 @@ impl Value { /// you're doing, as perl code WILL execute the function and expect it to behave in a /// particular way! pub unsafe fn new_xsub(xsub: perl_fn!(extern "C" fn(*mut crate::ffi::CV))) -> Self { - Self::from_raw_move(crate::ffi::RSPL_newXS_flags( - std::ptr::null(), - xsub as _, - std::ptr::null(), - std::ptr::null(), - 0, - ) as _) + unsafe { + Self::from_raw_move(crate::ffi::RSPL_newXS_flags( + std::ptr::null(), + xsub as _, + std::ptr::null(), + std::ptr::null(), + 0, + ) as _) + } } /// If the value is an array, returns the associated [`Array`]. @@ -223,7 +225,7 @@ impl Value { /// The caller must ensure that it is safe to decrease the reference count later on, or use /// `into_raw()` instead of letting the `Value` get dropped. pub unsafe fn from_raw_move(ptr: *mut SV) -> Self { - Self::from_scalar(Scalar::from_raw_move(ptr as *mut SV)) + Self::from_scalar(unsafe { Scalar::from_raw_move(ptr as *mut SV) }) } /// Create a new reference to an existing `SV` value. This will increase the value's reference @@ -233,7 +235,7 @@ impl Value { /// /// The caller may still need to decrease the reference count for the `ptr` source value. pub unsafe fn from_raw_ref(ptr: *mut SV) -> Self { - Self::from_scalar(Scalar::from_raw_ref(ptr as *mut SV)) + Self::from_scalar(unsafe { Scalar::from_raw_ref(ptr as *mut SV) }) } /// Convert a [`Scalar`] to a [`Value`]. @@ -301,7 +303,7 @@ impl Value { .dereference() .ok_or_else(|| Error::new("not a reference"))? .pv_raw()?; - Ok(&*(ptr as *const T)) + Ok(unsafe { &*(ptr as *const T) }) } /// Check that the value is a reference and blessed into a particular package name. If so, @@ -325,7 +327,7 @@ impl Value { ))); } - Ok(&*(ptr.pv_raw()? as *const T)) + Ok(unsafe { &*(ptr.pv_raw()? as *const T) }) } /// Take ownership of a boxed value and create a perl value blessed into a package name.